DETAILED ACTION

The application of Gibart et al., for a "High speed synchronization in
dual-processor safety controller" filed September 16, 2003, has been examined.
Claims 1-30 are presented for examination. 
Information disclosed and listed on PTO 1449 has been considered. 
Claims 1-9, 12-30 are rejected under 35 USC § 102. 
Claims 10, 11 are rejected under 35 USC § 103. 

Claim Objections 

Claim 23 is objected to because of the following informalities: Claim 23 is 
dependent on claim 26. It is believed that claim 23 was intended to be dependent on 
claim 17 instead of claim 26. Examiner suggests the change of the claim 23 to depend 
on claim 17. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-9 and 12-30 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Danielsen et al. (U.S. Patent No. 5,136,704).

As per claim 1, Danielsen discloses a safety controller comprising:
a first and second processing unit (Fig. 3, Processor A and Processor B) 
communicating on a communication bus (Fig. 3, element 12, 14), each including a 
processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, elements 42, 44), 
the memory of each of the first and second processing units loadable with a common 
safety program and input/output variables, wherein the safety program is repeatably 
executable to read input variables representing inputs from external controlled devices 
and write output variables representing outputs to external controlled devices (col. 3, 
lines 1-8) 

a coordinator program providing each of the first and second processing units 
with identical input variables at a predetermined point in the repeated execution of the 
common safety programs (col. 3, lines 9-21) 

a synchronization program (col. 5, lines 51-61) executable by the first and 
second processing units to execute the common safety programs (col. 3, lines 1-8) and 
to compare execution of the common safety programs and to enter a safety state when 
this execution differs (col. 3, lines 57-68 through col. 4, lines 1-5). 

As per claim 2, Danielsen discloses that the coordination program provides
identical input variables at only a single point in the repeated execution of the common 
safety programs (col. 5, lines 51-61).

As per claim 3, Danielsen discloses the predetermined point in the repeated
execution of the common safety programs is the start of the common safety programs 
(col. 5, lines 51-61). 

As per claim 4, Danielsen discloses the synchronization program compares 
execution of the safety program by comparing output variables generated by the first 
and second processing unit executing the safety program (col. 3, lines 57-68 through 
col. 4, lines 1-5). 

As per claim 5, Danielsen discloses the safety program is executed repeatedly 
and wherein the comparison of the output variables is performed at the conclusion of 
each repeated execution immediately prior to outputting of the output variables to the 
external controlled device (col. 3, lines 53-64). 

As per claim 6, Danielsen discloses the safety program also executes to 
generate values of internal variables different from the input and output variables and 
wherein the synchronization program compares execution of the safety program by 
comparing values of internal variables generated by the first and second processing unit 
executing the safety program (col. 4, lines 23-41). 

As per claim 7, Danielsen discloses the safety program is executed repeatedly 
and wherein the comparison is performed at a period greater than the repetition period
(col. 3, lines 57-68 through col. 4, lines 1-5).

As per claim 8, Danielsen discloses the coordination program stops the common
safety programs execution at the predetermined point in the repeated execution of the 
common safety program until the identical input variables have been provided to the 
common safety programs (col. 4, lines 6-20). 

As per claim 9, Danielsen discloses identical input variables are provided by 
copying of input variables from the first processing unit to the second processing unit 
(col. 6, lines 7-17). 

As per claim 12, Danielsen discloses the first processing unit includes a buffer 
memory (Fig. 11, element 121) receiving input variables asynchronously and wherein
the coordination program copies the buffer memory identically to memory in each of the 
processing units (Fig. 11, element 122) and (col. 6, lines 7-17). 

As per claim 13, Danielsen discloses the synchronization program combines the 
output variables when the execution of the common safety program does not differ to 
produce a single set of output variables transmittable to the controlled device. Figure 11
shows input port 136 and output port 135 are combined in the switch 138 and result in
an output from the switch.

As per claim 14, Danielsen discloses the combination creates a message having
one output variable concatenated to the value of the output variable complemented (col. 
6, lines 7-17). 

As per claim 15, Danielsen discloses a safety controller comprising: 

a first and second processing unit (Fig. 3, Processor A and Processor B) each 
including a processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, 
elements 42, 44), the memory of each of the first and second processing units loadable 
with a common safety program and input/output variables, wherein the safety program 
is repeatably executable to read input variables representing inputs from external 
controlled devices and write output variables representing outputs to external controlled 
devices (col. 3, lines 1-8) 

a synchronization program (col. 5, lines 51-61) executable by the first and 
second processing units to execute the common safety programs (col. 3, lines 1-8) and 
to compare execution of the common safety programs and to enter a safety state when 
this execution differs (col. 3, lines 57-68 through col. 4, lines 1-5) 

wherein the synchronization program compares execution of the safety program 
by comparing outputs generated by the first and second processing unit executing the 
safety program at the conclusion of each repeated execution immediately prior to 
outputting of the output values to the external device (col. 3, lines 53-64). 

As per claim 16, Danielsen discloses a safety controller comprising: 



Application/Control Number: 10/663,863 Page 7 

Art Unit: 2113 

a first and second processing unit (Fig. 3, Processor A and Processor B) 
communicating on a communication bus (Fig. 3, element 12, 14), each including a 
processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, elements 42, 44), 
the memory of each of the first and second processing units loadable with a common 
safety program and input/output variables, wherein the safety program is repeatably 
executable to read input variables representing inputs from external controlled devices 
and write output variables representing outputs to external controlled devices (col. 3, 
lines 1-8) 

a synchronization program (col. 5, lines 51-61) executable by the first and 
second processing units to execute the common safety programs (col. 3, lines 1-8) and 
to compare execution of the common safety programs and to enter a safety state when 
this execution differs (col. 3, lines 57-68 through col. 4, lines 1-5) 

wherein the synchronization program compares execution by comparing output 
variables and intermediate variables at different periods (col. 3, lines 57-68 through col. 
4, lines 1-5). 

As per claim 17, Danielsen discloses a method of operating a safety controller 
having a first and second processing unit (Fig. 3, Processor A and Processor B) each 
including a processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, 
elements 42, 44), the memory of each of the first and second processing units loadable 
with a common safety program and input/output variables, wherein the safety program 
is repeatably executable to read input variables representing inputs from external
controlled devices and write output variables representing outputs to external controlled
devices (col. 3, lines 1-8), the method comprising the steps of: 

(a) providing each of the first and second processing units with identical input 
variables at a predetermined point in the repeated execution of the common safety 
programs (col. 6, lines 7-17) and (col. 5, lines 51-61) 

(b) executing by the first and second processing units the common safety 
programs and comparing execution of the common safety programs to enter a safety 
state when this execution differs (col. 3, lines 57-68 through col. 4, lines 1-5). 

As per claim 18, Danielsen discloses step (a) provides identical input variables at 
only a single point in the repeated execution of the common safety programs (col. 5, 
lines 51-61). 

As per claim 19, Danielsen discloses the predetermined point in the repeated 
execution of the common safety programs is the start of the common safety programs 
(col. 5, lines 51-61). 

As per claim 20, Danielsen discloses step (b) compares execution of the safety 
program by comparing output variables generated by the first and second processing 
unit executing the safety program (col. 3, lines 57-68 through col. 4, lines 1-5).

As per claim 21, Danielsen discloses the safety program is executed repeatedly
and wherein step (b) is performed at the conclusion of each repeated execution 
immediately prior to outputting of the output variables to the external controlled device 
(col. 3, lines 53-64). 

As per claim 22, Danielsen discloses the safety program also executes to 
generate values of internal variables different from the input and output variables and 
wherein step (b) compares execution of the safety program by comparing values of 
internal variables generated by the first and second processing unit executing the safety 
program (col. 4, lines 23-41). 

As per claim 23, Danielsen discloses the safety program is executed repeatedly 
and wherein the comparison is performed at a period greater than the repetition period 
(col. 3, lines 57-68 through col. 4, lines 1-5). 

As per claim 24, Danielsen discloses step (a) stops the common safety 
programs execution at the predetermined point in the repeated execution of the 
common safety program until the identical input variables have been provided to the 
common safety programs (col. 4, lines 6-20). 

As per claim 25, Danielsen discloses identical input variables are provided by 
copying of input variables from the first processing unit to the second processing unit

As per claim 26, Danielsen discloses the first processing unit includes a buffer
memory (Fig. 11, element 121) receiving input variables asynchronously and wherein
step (a) copies the buffer memory identically to memory in each of the processing units 
(col. 6, lines 7-17). 

As per claim 27, Danielsen discloses step (b) combines the output variables 
when the execution of the common safety program does not differ to produce a single 
set of output variables transmittable to the controlled device. Figure 11 shows input port
136 and output port 135 are combined in the switch 138 and result in an output from the 
switch. 

As per claim 28, Danielsen discloses the combination creates a message having 
one output variable concatenated to the value of the output variable complemented (col. 
6, lines 7-17). 

As per claim 29, Danielsen discloses a method of operating a safety controller 
having a first and second processing unit (Fig. 3, Processor A and Processor B) each 
including a processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, 
elements 42, 44), the memory of each of the first and second processing units loadable 
with a common safety program and input/output variables, wherein the safety program 
is repeatably executable to read input variables representing inputs from external
controlled devices and write output variables representing outputs to external controlled 
devices (col. 3, lines 1-8), the method comprising the steps of executing the common 
safety programs to compare execution of the common safety programs and to enter a 
safety state when this execution differs (col. 3, lines 57-68 through col. 4, lines 1-5) 

where the comparison of execution compares outputs generated by the first and 
second processing unit executing the safety program at the conclusion of each repeated 
execution immediately prior to outputting of the output values to the external device (col. 
3, lines 57-68 through col. 4, lines 1-5). 

As per claim 30, Danielsen discloses a method of operating a safety controller 
having a first and second processing unit (Fig. 3, Processor A and Processor B) each 
including a processor (Fig. 4, Processor A and Processor B) and memory (Fig. 4, 
elements 42, 44), the memory of each of the first and second processing units loadable 
with a common safety program and input/output variables, wherein the safety program 
is repeatably executable to read input variables representing inputs from external 
controlled devices and write output variables representing outputs to external controlled 
devices (col. 3, lines 1-8), the method comprising the steps of executing the common
safety program on the first and second processing units and comparing execution of the 
common safety programs to enter a safety state when this execution differs wherein the 
comparison compares execution by comparing output variables and intermediate 
variables at different periods (col. 3, lines 57-68 through col. 4, lines 1-5).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

Claims 10 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Danielsen et al. (U.S. Patent No. 5,136,704) in view of Griffin et al. (U.S. Patent 
No. 6,928,583). 

As per claim 10, Danielsen fails to explicitly disclose a backplane. 
Griffin teaches: 

the communication bus is a backplane having releasable electrical connectors 
allowing connection of the first and second processing unit to and from the backplane 
(col. 13, lines 20-39).

As per claim 11, Danielsen fails to explicitly disclose a serial bus.
Griffin teaches: 

the communications bus is a serial communications network having releasable 
electrical connectors allowing connection of the first and second processing unit to and 
from the serial communication bus (col. 3, lines 45-53). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to use the method of fault tolerance of Griffin et al. in the redundant
microprocessor control system of Danielsen et al. to detect faults in the dual processing
systems.

One of ordinary skill in the art at the time the invention was made would have been
motivated to make the combination because Danielsen et al. disclose a redundant
microprocessor system and method that features a high level of safety with improved
reliability by comparison of outputs generated by two processors in synchronization (col.
3, lines 11-21). The Danielsen et al. system uses a bus for communication between the two
processing elements (Fig. 3, element 12).

Griffin et al. discloses a method for a first computing element and a second 
computing element to execute in lockstep in a fault-tolerant server. Fault detection is 
performed by output comparison (col. 2, lines 12-26). Griffin et al. uses a 
communication bus for communication between the two processing elements (Fig. 1,
element 30).

Related Prior Art

The following prior art is considered to be pertinent to applicant's invention, but 
not relied upon for claim analysis conducted above.

Vasko et al. (U.S. Patent No. 6,915,444), "Network independent safety protocol 
for industrial controller using data manipulation techniques". 

Safford et al. (U.S. Patent No. 7,003,691), "Method and apparatus for seeding 
differences in lock-stepped processors". 

Fourre et al. (U.S. Patent No. 4,520,482), "Safety controller". 

Landry et al. (U.S. Patent No. 5,434,997), "Method and apparatus for testing and 
debugging a tightly coupled mirrored processing system". 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Elmira Mehrmanesh whose telephone number is (571)
272-5531. The examiner can normally be reached on 8-5 M-F.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Robert W. Beausoliel can be reached on (571) 272-3645. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 